In an era where the perils of information
theft are well known and paper shredding has become a part of daily life for
millions, it’s ironic that government agencies have yet to close a major
loophole in their information security practices.
Consider the following:
– As part of an ongoing investigation, the St. Louis Post-Dispatch
periodically buys discarded U.S. government computers from recyclers
in Nigeria. In a December 2006 article, the paper reported it had
found school records, personal messages, financial information and
teachers’ Social Security numbers from public schools in California
and Virginia on computers it had purchased.
– In April 2005, a man searching a garbage dump in the United Kingdom
was handed a laptop containing 70 top secret files from the British
military, including details of a British army camp and navy base, by
a woman at the dump.
– A 2006 article in the Los Angeles Times revealed the U.S. military
paid thousands of dollars to recover computer hard drives being sold
in an Afghan market. A journalist for the Times reported he saw
information on one of the drives that showed maps, charts and
intelligence reports on Taliban and Al Qaeda military activities.
What many government IT professionals realize – but most agencies have
yet to embrace – is the act of deleting data from computer hard drives is no
guarantee the information will not be resurrected at a later date by
unscrupulous people.
“Data is very resilient. It can be frequently retrieved by data recovery
specialists, even on hard drives damaged by natural disaster or equipment
failure,” says Bill Margeson, president and CEO of CBL Data Recovery
Technologies Inc. “Given the number of computers that are leased by government
organizations, along with those that are donated, sold for re-use or even
scrapped, it’s critical all information be completely destroyed before the
host hardware is out of the organization’s hands.”
Many people think that repeatedly deleting data, repartitioning or
reformatting the hard drive are sufficient means to render data inaccessible.
In reality, until data is actually overwritten by new information or a signal,
it can be recovered by programs that read disk sectors directly.
The only infallible ways to destroy data or make it completely
inaccessible are to degauss, to overwrite files or to simply destroy the
storage media itself. The United States Department of Defense has approved
both overwriting and degaussing; however, the effectiveness of overwriting
cannot be guaranteed without case-by-case examination, and degaussing can
render a hard drive inoperable because it may damage the magnetic media.
CBL Data Recovery Technologies offers a free application called CBL Data
Shredder for Windows that eliminates the possibility of resurrecting computer
data. The application provides a variety of destruction techniques of
differing levels of security and convenience. CBL Data Shredder techniques
satisfy U.S. Department of Defense Standard 5220.22-M, the Royal Canadian
Mounted Police DSX Method, as well as the German BSI
Verschlussachen-IT-Richtlinien (VSITR) Standard. To download CBL Data Shredder
for Windows, go to http://www.cbltech.ca/data-shredder.html.
